Others processes can be found at answersthatwork.com
Process File: lsass or lsass.exe
Process Name: Local Security Authority Service
Description: Windows Local Security Authority Server Process handles Windows security mechanisms. It verifies the validity of user logons to your computer or server. Technically, the software generates the process that is responsible for authenticating users for the Winlogon service.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/AWindows NT4/2000/XP/2003 only. LSASS is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server (in technical jargon : it generates the process that is responsible for authenticating users for the Winlogon service).
Recommendation :
An integral part of the operating system, leave alone provided that its full path as shown in The Ultimate Troubleshooter is either C:\WinNT\System32\LSASS.exe (Windows 2000) or C:\Windows\System32\LSASS.exe (Windows XP/2003). If the path is anything else then you may have a virus (see below).
Process File: svchost or svchost.exe
Process Name: Service Host Process
Description: Application that works as a host process for services that run from dynamic link libraries.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/AService Host – Generic Host Process for Win32 Services. The full path to this file should be shown in The Ultimate Troubleshooter as C:\WinNT\System32\Svchost.exe or C:\Windows\System32\Svchost.exe. Windows 2000/XP/2003 only. SVCHOST is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup SVCHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them. There can be many instances of SVCHOST running, as there will be one instance of SVCHOST for every DLL-based service or grouping of services (the grouping of services is determined by the programmers who wrote the services in question). Under Windows XP Professional and Windows 2003 you can find out what DLL-based services SVCHOST is running by typing Tasklist /SVC at a Command/MS‑DOS Prompt (this command is not available in Windows XP Home), while under Windows 2000 you need to use the TLIST –s command from a Command Prompt (MS-DOS Prompt) (depending on how Windows 2000 was installed you may need to download TLIST from the Microsoft website or install it from one of the miscellaneous folders on the Windows 2000 CD).
Recommendation :
An integral part of the operating system, leave alone – multiple instances of SVCHOST is a normal occurrence. If you experience SVCHOST errors, the problem is most likely not with SVCHOST but with the DLLs it is hosting. However, if you experience a lot of SVCHOST errors, and particularly, if the full path to SVCHOST.EXE is not any of the above, then you most likely have a virus (see below).
Process File: csrss or csrss.exe
Process Name: Client/Server Runtime Server Subsystem
Description: Windows client server run-time subsystem handles Windows and graphics functions for all subsystems.
Company: Microsoft Corp
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/AWindows NT4//2000/XP/2003 only. CSRSS is the Client Server Runtime SubSystem. CSRSS is started by SMSS. When the user application makes a Win32 API call, it is usually CSRSS which communicates with the operating system’s Kernel to execute the API call. CSRSS is also known as the Win32 Subsystem.
Process File: backWeb or backWeb.exe
Process Name: Backweb Adware
Description: Adware by Backweb Technologies.
Company: Backweb Technologies
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): Yes
Common Errors: N/A
Process File: alg or alg.exe
Process Name: Application Layer Gateway Service
Description: Part of Internet Connection Sharing application and Internet Connection Firewall for Windows XP. This service provides support for third party protocol plug-ins for the Internet Connection Sharing application and Internet Connection Firewall.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/AApplication Layer Gateway service found only on Windows XP. ALG is an integral part of ICS (Internet Connection Sharing) and ICF (Internet Connection Firewall) in Windows XP. Microsoft’s description : "Provides support for 3rd Party protocol plug-ins for ICS and ICF".
Recommendation :
If you use Windows XP’s Internet Connection Firewall, you must have ALG running. If you use a 3rd Party firewall, set ALG to manual in "Control Panel \ Administrative Tools \ Services".
|
Ctfmon (1) |
CTFMon.exe |
CTFMon
comes with Microsoft Office XP and Windows XP – it activates the
Alternative User Input Text Input Processor (TIP) and the Microsoft Office
XP Language Bar. As long as the Text Services &
Speech are enabled in the Control Panel, this program will force
itself back into your list of background programs. |
|
Ctfmon (2) |
Ctfmon.dll |
You have the W32.Mydoom.B@mm virus. |
|
Dsentry |
Dsentry.exe |
DVD
Sentry. Background task which watches for the insertion of a
software DVD into your DVD drive, and then presents the end‑user
with the choice of either using Dell’s own installation software to
install the software held on that DVD, or using the DVD’s own
installation program. If the DVD does not have its own installation
program (extremely rare), or the “Auto‑insert”
notification on the DVD drive has been turned off, then DSENTRY
presents just the one option : using Dell’s own installation
program. |
|
Inetinfo |
Inetinfo.exe |
Microsoft
Internet Information Service. Seen primarily on Windows NT4/2000
Server where it provides Internet Proxy and Web Server services. |
| Helpsvc | HelpSVC.exe (Microsoft) |
Microsoft
Help Center Service – Windows XP. In our experience you will
only see this task running if you have Automatic Updates turned ON or
if you are in the process of running a Windows Update, or you access
the Windows XP Help, as this task’s main job is to install Microsoft
updates to the Windows XP Help and Support Center, and most
specifically, new Headlines. Microsoft’s description of Headlines :
"A useful feature of Help and Support Center is the Headlines
area. This area is typically titled "Did you know?"
and is usually located in the lower-right corner of the main window,
unless the window has been customized by the OEM or modified for
certain languages. A page in Help and Support Center with more
Headlines is exposed to users when they click the "View more
headlines" hyperlink at the bottom of the "Did you
know?" section. Headlines provides a dynamic source of
content that users can visit frequently to find help and support on
current issues as well as those that were known at the time the
operating system was released. For example, it may display links
to topics that inform the user about new security bulletins, software
updates, or new Help content.". Recommendation : In most cases this task terminates once the Windows Update terminates and/or you exit the Windows XP Help. It has been known, however, not to terminate itself and instead to run away with CPU usage, up to 90%, with the obvious impact on the PC’s performance. If this happens regularly create a DWORD entry called Headlines and give it the value of 0, for the following Registry Key HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ PCHealth \ HelpSvc \ (only advanced users should attempt this). This disables the Headlines feature which simply means that your Help and Support Center headlines are never updated. |
| Mcvsshld | McVSShld.exe (McAfee) |
McAfee
ActiveShield. Background task which is part of McAfee VirusScan
Online and which virus scans files in the background as and when
they are accessed. Recommendation : An essential part of McAfee VirusScan Online – leave alone. |
|
Mdm |
MDM.exe |
Machine
Debug Manager. Windows 98/ME/2000/XP/2003. This is
used purely by Technically Advanced Users and Developers, and in
very specific cases at that. It is not needed in most normal
day-to-day uses of a PC. |
| Qttask | QTTask.exe (Apple) |
Apple’s
QuickTime Tray Icon which enables you to start QuickTime from
the System Tray (from version 5 onward). Given the
extremely simple functionality of this Tray icon, it is a
totally unreasonable resource hog – it has been measured to
use as much as 1.5Mb of memory at times. Recommendation : Disable it immediately, as follows – Start QuickTime through "Start \ Programs", choose the "Edit \ Preferences" menu option, select "QuickTime Preferences" from the right-hand side menu, uncheck the box next to QuickTime System Tray icon. In version 6, however, this is done differently : double-click on the QuickTime icon in the Control Panel to bring up the QuickTime Settings panel, choose Browser Plug-in in the drop-down at the top, and then uncheck QuickTime System Tray icon. Next, disable or delete it with The Ultimate Troubleshooter if it still shows in The Ultimate Troubleshooter. You can always start QuickTime through "Start \ Programs" or through double-clicking on a quicktime file. |
|
Services (1) |
Services.exe |
Windows
NT4/2000/XP/2003 only. This is the Services Control
Manager which is responsible for starting, stopping, and
interacting with system services. It’s full path as
shown in The
Ultimate Troubleshooter is either
C:\WINNT\System32\Services.exe in Windows NT4/2000, or
C:\Windows\System32\Services.exe in Windows XP/2003. |
|
Smss |
Smss.exe |
Windows
NT4/2000/XP/2003 only. SMSS is the Session Manager
SubSystem. SMSS’s purpose is to start, manage, and
delete user sessions (or client sessions under Terminal
Server). Under Terminal Server the management part
includes dealing with the different subsystems (OS/2, Win32,
POSIX) which a client session may wish to run. |
|
System (1) |
N/A |
Windows
NT4/2000/XP/2003 only. A collective name for all
operating system kernel threads. |
|
System
(2) |
System.exe |
You have one of the Trojan.Download.Revird / Trojan.Mitglieder.C / Backdoor.Tuxder viruses (or some other virus). |
|
System Idle Process |
N/A |
Windows
NT4/2000/XP/2003 only. This is a process which runs
on each CPU in your PC/Server and whose sole purpose is to
total up the amount of time when the processor is not
doing anything. In Task Manager (Task List) this
process usually accounts for the majority of processor
time. |
| Tcpsvcs | TCPSvcs.exe (Microsoft) |
Microsoft
TCP/IP Services Application for Windows NT4/2000/XP/2003.
This task loads if you have configured Windows with
special TCP/IP services, such as the DHCP Server, Simple
TCP, TCP/IP Print Services to print to a printer using an
internal or external print server (a print server is,
effectively, a network card for a printer), etc... Recommendation : Essential – Leave alone. |
| Tfswctrl | Tfswctrl.exe (Hewlett-Packard) |
Background
task for Hewlett-Packard’s DLA software (Drive Letter
Assignment). HP’s DLA gets installed when
you installed the software that comes with their CD/DVD
Writers. HP’s DLA is packet writing software
which enables you to store data onto CD’s directly
from within Windows applications, without using the
actual CD Writing software (much like Roxio’s DirectCD. Recommendation : Many users have reported shutdown problems caused by TFSWCTRL "not responding". In all cases, since they were never using the DLA software and were instead using the CD Writing software to create their CDs, they simply de-installed HP’s DLA and that solved all their problems with TFSWCTRL. |
|
Utilman |
UtilMan.exe |
Windows
2000/XP/2003 Utility Manager application which can be
started via “Start \ Programs \
Accessories \ Accessibility \ Utility
Manager” or by Windows-Key+U.
The Utility Manager allows the user to configure
through the one window the following special
Accessibility features : Magnifier, Narrator,
and On-Screen Keyboard. |
|
Wdfmgr |
Wdfmgr.exe |
Microsoft’s
User Mode Driver Manager service. At the time
of writing this service gets installed on Windows XP
when you either install Windows Media Player 10, or
when you upgrade to Service Pack 2 for Windows XP.
Introduced in September 2004. This service is
part of the new device driver strategy from
Microsoft for Windows 2000/XP/2003 and future
versions of Windows : this strategy, the
Windows Driver Foundation (WDF), aims
to make it significantly simpler to write drivers
for tomorrow’s Windows environments which
hopefully will lead to higher quality and more
reliable drivers; it also aims to ensure that,
in future, buggy or badly written drivers will not
have the detrimental or catastrophic effects that
they have nowadays (freezes, instability, Windows
not booting up, illegal operations, etc..);
finally, the new strategy also aims to ensure that
many more drivers will be installable without the PC
needing to be logged in as “Administrator” or
with “Administrator” privileges.
Starting with Windows XP Service Pack 2 and Windows
Media Player 10, Microsoft is adding the WDF
framework to Windows 2000/XP/2003 to enable
peripheral manufacturers to start producing WDF
drivers. For technical users :
this particular service, WDFMGR, implements the
user-mode driver framework of the new WDF driver
strategy. This framework enables developers to
create drivers for network connected devices, and
some USB devices, where the drivers run in user mode
rather than kernel mode but still behave as standard
Plug-and-Play drivers. |
|
Winlogon (1) |
WinLogon.exe |
Windows
NT4/2000/XP/2003 Logon application whose full path
is either C:\WinNT\System32\Winlogon.exe
or C:\Windows\System32\Winlogon.exe.
This process manages users’ logons and logoffs
on your PC/Server. The window which pops up
and prompts you for your username and password, or
which allows you to logoff or shutdown, is the
WINLOGON process. |
|
Winlogon (2) |
WinLogon.exe |
If
you have Windows NT4/2000/XP/2003 and the full
path for this task is C:\WinNT\Winlogon.exe
or C:\Windows\Winlogon.exe ,
then you may have the W32.Netsky.C@mm
virus, or a newer virus. If you have
Windows 95/98/ME then you definitely have
either the above virus or a newer virus. |
Process File: mmdiag or mmdiag.exe
Process Name: MusicMatch Jukebox Component
Description:
mmdiag.exe is a process that belongs to the MusicMatch Jukebox. MusicMatch
Jukebox is a multimedia application supporting most know media formats.
Process File: mim or mim.exe
Process Name: Musicmatch Jukebox Process
Description:
mim.exe is belonging to the Musicmatch Jukebox software. Musicmatch Jukebox
is a multimedia application supporting most known media formats. This is a non
essential system process and, disabling or enabling this is down to user
preference.
Process File: mqsvc or mqsvc.exe
Process Name: Microsoft Message Queue Server
Description:
mqsvc.exe is a process of the Microsoft Windows Operating System, and
belongs to the Message Queue Server (MSMQ). This is a non-essential process.
Disabling or enabling this is down to user preference
Process File: mainserv or mainserv.exe
Process Name: PowerChute Personal Edition
Description:
mainserv.exe is a process belonging to the PowerChute power management
utility which allows for safe shutdown and adds to power related facilities
already installed on your computer. This program is non-essential process to the
running of the system, but should not be terminated unless suspected to be
causing problems.